b'Remote Access Systems Review\n\n(Report No. 03-030, June 5, 2003)\n\nSummary\n\nInternational Business Machines (IBM), an independent professional services firm, was engaged\nby the Office of Inspector General (OIG) to perform a vulnerability assessment of the Federal\nDeposit Insurance Corporation\xe2\x80\x99s (FDIC) network operations. The work accomplished through\nthis contract helped the OIG satisfy its Federal Information Security Management Act-related\nreporting requirements.\n\nThe objectives of the review were to (1) evaluate the controls, policies, and procedures for the\nFDIC\xe2\x80\x99s Dial In Access and (2) analyze and test the FDIC\xe2\x80\x99s connectivity through the Internet\nVirtual Private Network (VPN) client. The scope of the review was specifically designed to\nfocus on vulnerable areas with respect to security and those areas requiring further attention.\n\nIBM concluded that the FDIC had implemented a number of good security practices regarding\nremote connectivity. IBM also identified several opportunities to further strengthen remote\naccess controls to the FDIC network.\n\nRecommendations\n\nIBM made recommendations to the Division of Information and Resources Management\n(DIRM) to improve authentication controls for remote access.\n\nManagement Response\n\nDIRM\xe2\x80\x99s proposed actions adequately addressed the intent of the recommendations.\n\nThis report addresses issues associated with information security. Accordingly, we have not\nmade, nor do we intend to make, public release of the specific contents of the report.\n\x0c'